a5920da7af
10 changes to exploits/shellcodes/ghdb Ricoh Printer - Directory and File Exposure Blood Bank & Donor Management System using v2.2 - Stored XSS Equipment Rental Script-1.0 - SQLi Bank Locker Management System - SQL Injection Fundraising Script 1.0 - SQLi PHP Shopping Cart 4.2 - Multiple-SQLi 7 Sticky Notes v1.9 - OS Command Injection Typora v1.7.4 - OS Command Injection
22 lines
No EOL
784 B
Text
22 lines
No EOL
784 B
Text
# Exploit Title: 7 Sticky Notes v1.9 - OS Command Injection
|
|
# Discovered by: Ahmet Ümit BAYRAM
|
|
# Discovered Date: 12.09.2023
|
|
# Vendor Homepage: http://www.7stickynotes.com
|
|
# Software Link:
|
|
http://www.7stickynotes.com/download/Setup7StickyNotesv19.exe
|
|
# Tested Version: 1.9 (latest)
|
|
# Tested on: Windows 2019 Server 64bit
|
|
|
|
# # # Steps to Reproduce # # #
|
|
|
|
# Open the program.
|
|
# Click on "New Note".
|
|
# Navigate to the "Alarms" tab.
|
|
# Click on either of the two buttons.
|
|
# From the "For" field, select "1" and "seconds" (to obtain the shell
|
|
within 1 second).
|
|
# From the "Action" dropdown, select "command".
|
|
# In the activated box, enter the reverse shell command and click the "Set"
|
|
button to set the alarm.
|
|
# Finally, click on the checkmark to save the alarm.
|
|
# Reverse shell obtained! |